{"url":"http://public2.vulnerablecode.io/api/packages/30194?format=json","purl":"pkg:pypi/paddlepaddle@2.3.0","type":"pypi","namespace":"","name":"paddlepaddle","version":"2.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.6.1","latest_non_vulnerable_version":"2.6.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36672?format=json","vulnerability_id":"VCID-17s7-wrdn-ebes","summary":"FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-130.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-130.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38675","reference_id":"CVE-2023-38675","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38675"},{"reference_url":"https://github.com/advisories/GHSA-jm68-fpmr-8j2g","reference_id":"GHSA-jm68-fpmr-8j2g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jm68-fpmr-8j2g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-38675","GHSA-jm68-fpmr-8j2g","PYSEC-2024-130"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17s7-wrdn-ebes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36667?format=json","vulnerability_id":"VCID-35qf-2v8r-t3cf","summary":"FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-140.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-140.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52308","reference_id":"CVE-2023-52308","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52308"},{"reference_url":"https://github.com/advisories/GHSA-v9pg-qw6x-w5r2","reference_id":"GHSA-v9pg-qw6x-w5r2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v9pg-qw6x-w5r2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52308","GHSA-v9pg-qw6x-w5r2","PYSEC-2024-140"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35qf-2v8r-t3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36676?format=json","vulnerability_id":"VCID-45e3-a2hf-4bh9","summary":"PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/49bec176053595975c1941cff9749c55f7203ea9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/49bec176053595975c1941cff9749c55f7203ea9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-142.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-142.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52310","reference_id":"CVE-2023-52310","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52310"},{"reference_url":"https://github.com/advisories/GHSA-j5h9-9r39-43q5","reference_id":"GHSA-j5h9-9r39-43q5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j5h9-9r39-43q5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52310","GHSA-j5h9-9r39-43q5","PYSEC-2024-142"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45e3-a2hf-4bh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36660?format=json","vulnerability_id":"VCID-49pw-ktz7-jfh4","summary":"FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-137.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-137.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52305","reference_id":"CVE-2023-52305","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52305"},{"reference_url":"https://github.com/advisories/GHSA-rx2r-q96c-w5cc","reference_id":"GHSA-rx2r-q96c-w5cc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rx2r-q96c-w5cc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52305","GHSA-rx2r-q96c-w5cc","PYSEC-2024-137"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-49pw-ktz7-jfh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36500?format=json","vulnerability_id":"VCID-5s1z-ubhw-y7af","summary":"Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38669","reference_id":"CVE-2023-38669","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38669"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35078?format=json","purl":"pkg:pypi/paddlepaddle@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0"}],"aliases":["CVE-2023-38669","PYSEC-2023-122"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5s1z-ubhw-y7af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36663?format=json","vulnerability_id":"VCID-7dca-ch9k-jkb6","summary":"FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-138.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-138.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52306","reference_id":"CVE-2023-52306","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52306"},{"reference_url":"https://github.com/advisories/GHSA-rg9q-m8hv-xxr6","reference_id":"GHSA-rg9q-m8hv-xxr6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rg9q-m8hv-xxr6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52306","GHSA-rg9q-m8hv-xxr6","PYSEC-2024-138"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7dca-ch9k-jkb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36675?format=json","vulnerability_id":"VCID-9cbs-47dq-rfca","summary":"PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/5ed9478fdef96a06eeec9093f9e768c97b094af3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/5ed9478fdef96a06eeec9093f9e768c97b094af3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-146.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-146.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52314","reference_id":"CVE-2023-52314","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52314"},{"reference_url":"https://github.com/advisories/GHSA-3cr5-2446-8pg3","reference_id":"GHSA-3cr5-2446-8pg3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3cr5-2446-8pg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52314","GHSA-3cr5-2446-8pg3","PYSEC-2024-146"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cbs-47dq-rfca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36661?format=json","vulnerability_id":"VCID-akmg-8bh1-xufv","summary":"OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-133.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-133.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38678","reference_id":"CVE-2023-38678","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38678"},{"reference_url":"https://github.com/advisories/GHSA-mr78-v55p-7777","reference_id":"GHSA-mr78-v55p-7777","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mr78-v55p-7777"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-38678","GHSA-mr78-v55p-7777","PYSEC-2024-133"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akmg-8bh1-xufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36665?format=json","vulnerability_id":"VCID-cuna-r55b-rqf3","summary":"Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-131.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-131.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38676","reference_id":"CVE-2023-38676","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38676"},{"reference_url":"https://github.com/advisories/GHSA-x3q9-c788-j7c8","reference_id":"GHSA-x3q9-c788-j7c8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x3q9-c788-j7c8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-38676","GHSA-x3q9-c788-j7c8","PYSEC-2024-131"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuna-r55b-rqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36674?format=json","vulnerability_id":"VCID-fbr1-2g6w-tqaa","summary":"Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-135.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-135.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52303","reference_id":"CVE-2023-52303","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52303"},{"reference_url":"https://github.com/advisories/GHSA-2wcj-qr76-9768","reference_id":"GHSA-2wcj-qr76-9768","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2wcj-qr76-9768"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52303","GHSA-2wcj-qr76-9768","PYSEC-2024-135"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fbr1-2g6w-tqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36662?format=json","vulnerability_id":"VCID-fd4j-1rre-5ua9","summary":"FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-132.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-132.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38677","reference_id":"CVE-2023-38677","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38677"},{"reference_url":"https://github.com/advisories/GHSA-c6ph-m8cw-rfqh","reference_id":"GHSA-c6ph-m8cw-rfqh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c6ph-m8cw-rfqh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-38677","GHSA-c6ph-m8cw-rfqh","PYSEC-2024-132"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fd4j-1rre-5ua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36669?format=json","vulnerability_id":"VCID-h7rz-ms5h-huen","summary":"Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-136.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-136.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52304","reference_id":"CVE-2023-52304","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52304"},{"reference_url":"https://github.com/advisories/GHSA-4rrv-8gcp-24v8","reference_id":"GHSA-4rrv-8gcp-24v8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4rrv-8gcp-24v8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52304","GHSA-4rrv-8gcp-24v8","PYSEC-2024-136"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7rz-ms5h-huen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36504?format=json","vulnerability_id":"VCID-kcxs-f62a-8fbb","summary":"PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-005.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-005.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38673","reference_id":"CVE-2023-38673","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38673"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35078?format=json","purl":"pkg:pypi/paddlepaddle@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0"}],"aliases":["CVE-2023-38673","PYSEC-2023-126"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcxs-f62a-8fbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36666?format=json","vulnerability_id":"VCID-ndbe-sr54-f3ha","summary":"Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-141.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-141.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52309","reference_id":"CVE-2023-52309","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52309"},{"reference_url":"https://github.com/advisories/GHSA-8fp7-jwv2-49x9","reference_id":"GHSA-8fp7-jwv2-49x9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8fp7-jwv2-49x9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52309","GHSA-8fp7-jwv2-49x9","PYSEC-2024-141"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndbe-sr54-f3ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36677?format=json","vulnerability_id":"VCID-nehj-8bwx-qyce","summary":"FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-129.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-129.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38674","reference_id":"CVE-2023-38674","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38674"},{"reference_url":"https://github.com/advisories/GHSA-xjpw-hx47-rccv","reference_id":"GHSA-xjpw-hx47-rccv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xjpw-hx47-rccv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-38674","GHSA-xjpw-hx47-rccv","PYSEC-2024-129"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nehj-8bwx-qyce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36501?format=json","vulnerability_id":"VCID-nvts-nkrt-7ybs","summary":"Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-003.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-003.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38671","reference_id":"CVE-2023-38671","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38671"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35078?format=json","purl":"pkg:pypi/paddlepaddle@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0"}],"aliases":["CVE-2023-38671","PYSEC-2023-124"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvts-nkrt-7ybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36324?format=json","vulnerability_id":"VCID-p4dk-geq7-j3b7","summary":"Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30198?format=json","purl":"pkg:pypi/paddlepaddle@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-5s1z-ubhw-y7af"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-kcxs-f62a-8fbb"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-nvts-nkrt-7ybs"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-swfm-bfvg-quft"},{"vulnerability":"VCID-vwp3-2fev-3qaz"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.4.0"}],"aliases":["CVE-2022-46742","PYSEC-2022-43063"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4dk-geq7-j3b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36670?format=json","vulnerability_id":"VCID-pt8v-dqvj-yue7","summary":"Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-134.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-134.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52302","reference_id":"CVE-2023-52302","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52302"},{"reference_url":"https://github.com/advisories/GHSA-547m-23x7-cxg5","reference_id":"GHSA-547m-23x7-cxg5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-547m-23x7-cxg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52302","GHSA-547m-23x7-cxg5","PYSEC-2024-134"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pt8v-dqvj-yue7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36668?format=json","vulnerability_id":"VCID-pyt1-w4bk-x7cb","summary":"PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/c5f6862d118d7d69210f0e73bea1b055f5f21f2b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/c5f6862d118d7d69210f0e73bea1b055f5f21f2b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-143.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-143.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52311","reference_id":"CVE-2023-52311","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52311"},{"reference_url":"https://github.com/advisories/GHSA-rf7p-79xq-8xwm","reference_id":"GHSA-rf7p-79xq-8xwm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rf7p-79xq-8xwm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52311","GHSA-rf7p-79xq-8xwm","PYSEC-2024-143"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pyt1-w4bk-x7cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36673?format=json","vulnerability_id":"VCID-s51x-rhes-73h1","summary":"Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/488a0ddc322b24659b6b0067fea3030d2f013cf4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-144.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52312","reference_id":"CVE-2023-52312","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52312"},{"reference_url":"https://github.com/advisories/GHSA-qppw-c37g-xwcc","reference_id":"GHSA-qppw-c37g-xwcc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qppw-c37g-xwcc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/38544?format=json","purl":"pkg:pypi/paddlepaddle@2.6.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.1"}],"aliases":["CVE-2023-52312","GHSA-qppw-c37g-xwcc","PYSEC-2024-144"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s51x-rhes-73h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36664?format=json","vulnerability_id":"VCID-sshq-1n66-uugm","summary":"Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/6fdb316c8b0eb747e5324907e352824c9dba8215","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/6fdb316c8b0eb747e5324907e352824c9dba8215"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-139.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-139.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52307","reference_id":"CVE-2023-52307","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52307"},{"reference_url":"https://github.com/advisories/GHSA-g57v-2687-jx33","reference_id":"GHSA-g57v-2687-jx33","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g57v-2687-jx33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52307","GHSA-g57v-2687-jx33","PYSEC-2024-139"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sshq-1n66-uugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36502?format=json","vulnerability_id":"VCID-swfm-bfvg-quft","summary":"Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-002.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-002.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38670","reference_id":"CVE-2023-38670","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38670"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35078?format=json","purl":"pkg:pypi/paddlepaddle@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0"}],"aliases":["CVE-2023-38670","PYSEC-2023-123"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swfm-bfvg-quft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36503?format=json","vulnerability_id":"VCID-vwp3-2fev-3qaz","summary":"FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-004.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-004.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38672","reference_id":"CVE-2023-38672","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38672"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35078?format=json","purl":"pkg:pypi/paddlepaddle@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17s7-wrdn-ebes"},{"vulnerability":"VCID-35qf-2v8r-t3cf"},{"vulnerability":"VCID-45e3-a2hf-4bh9"},{"vulnerability":"VCID-49pw-ktz7-jfh4"},{"vulnerability":"VCID-7dca-ch9k-jkb6"},{"vulnerability":"VCID-9cbs-47dq-rfca"},{"vulnerability":"VCID-akmg-8bh1-xufv"},{"vulnerability":"VCID-cuna-r55b-rqf3"},{"vulnerability":"VCID-fbr1-2g6w-tqaa"},{"vulnerability":"VCID-fd4j-1rre-5ua9"},{"vulnerability":"VCID-h7rz-ms5h-huen"},{"vulnerability":"VCID-ndbe-sr54-f3ha"},{"vulnerability":"VCID-nehj-8bwx-qyce"},{"vulnerability":"VCID-pt8v-dqvj-yue7"},{"vulnerability":"VCID-pyt1-w4bk-x7cb"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-sshq-1n66-uugm"},{"vulnerability":"VCID-z3ar-bcd5-gya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.5.0"}],"aliases":["CVE-2023-38672","PYSEC-2023-125"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwp3-2fev-3qaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36671?format=json","vulnerability_id":"VCID-z3ar-bcd5-gya8","summary":"FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.","references":[{"reference_url":"https://github.com/PaddlePaddle/Paddle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md"},{"reference_url":"https://github.com/PaddlePaddle/Paddle/commit/6ef71779197ad6faf51ac295022ab5008d81372f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PaddlePaddle/Paddle/commit/6ef71779197ad6faf51ac295022ab5008d81372f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-145.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-145.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52313","reference_id":"CVE-2023-52313","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52313"},{"reference_url":"https://github.com/advisories/GHSA-275c-w5mq-v5m2","reference_id":"GHSA-275c-w5mq-v5m2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-275c-w5mq-v5m2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38543?format=json","purl":"pkg:pypi/paddlepaddle@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17nd-k3cn-4bb4"},{"vulnerability":"VCID-fsej-h74n-6ffs"},{"vulnerability":"VCID-fzzq-2t1q-p7fa"},{"vulnerability":"VCID-mpck-qgnf-vfg5"},{"vulnerability":"VCID-s51x-rhes-73h1"},{"vulnerability":"VCID-wqhd-4yv8-37ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.6.0"}],"aliases":["CVE-2023-52313","GHSA-275c-w5mq-v5m2","PYSEC-2024-145"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3ar-bcd5-gya8"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/paddlepaddle@2.3.0"}